Highest Data Security

Why ACT

Highest Data Security in Collections

Federal law and common sense dictate that sensitive information should be kept private and protected. ACT has the policies, procedures, and equipment in place to ensure the security of client and customer information. ACT continually invests in the most up-to-date security policies, procedures, infrastructure and equipment.

FISMA Compliance

ACT is compliant with the Federal Information Security Management Act (FISMA), a federal security requirement of the utmost protection of cyber security. As a federal contractor, ACT is required to be FISMA compliant, which assures our clients that their accounts are protected to the highest degree against any threats to ACT's data, network and information systems.

SSAE 18 Certification

ACT's Statement of Standards for Attestation Engagements No. 18 (SSAE 18) certification demonstrates that we have rigorous controls in place to maintain the highest level of information security. SSAE 18 is one of the most prestigious third-party audit certifications for service companies, demonstrating ACT’s ongoing procedural integrity and reliability. ACT’s certification is based on annual examinations performed by an independent CPA firm, which ensures ACT is in compliance with physical and electronic security measures, business continuity and disaster plans, systems and network accessibility, encryption systems and controls.

U.S. General Services Administration (GSA) Contractor

ACT is an approved federal contractor under the General Services Administration schedule of eligible federal contractors. ACT serviced the U.S. Department of Education portfolio 2000 - 2018, and the company’s performance consistently ranks ACT in the top three of all elite agencies on the student loan collection unrestricted contract.

Disaster Recovery Preparedness

ACT invests significantly in technological infrastructure to support the services we offer and protect the data entrusted to us. ACT’s live production data center is located off-site and is able to switch or “failover” to our real-time redundant sites at corporate headquarters and other locations. This disaster recovery protocol manages serious disruptive crises in a structured manner to keep ACT’s systems running and available.